Cyrus imap, virtual domains and ldap authentication

John Arthur lists at davey.net.au
Mon May 10 07:33:13 EDT 2004


> I have never used virtual domains so I don't know about that. I'm using
> both methods in different configurations and they both work well. However,
> I think for virtual domains, you have to use 'sasl_pwcheck_method: ldap'
> because pam doesn't handle what you want.
>
> Simon

Hi Simon,

Your Cyrus rpms are very much appreciated, thanks very much.

Well, I appear to have virtual domains working on Red Hat 9.

This is what I did.

I got the cyrus-sasl rpms from Fedora Core 1 and rebuilt them on Red Hat 9
with ldap support added in (it's off by default).

Changed the saslauthd mech from shadow to ldap.

Created /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=Manager,dc=domain,dc=net
ldap_bind_pw: supersecret
ldap_scope: sub
ldap_search_base: dc=domain,dc=net
ldap_auth_method: bind

-----------------------
Used saslauthd in /etc/imapd.conf

#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

default_domain: unused.domain.net

I have different ou's for each domain in my ldap server and each user has a
uid=user@domain1.com uid=user@thisdomain.com uid=user@thatdomain.com

Now I just have to go through and tighten up the security ;-)

John
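
An added example, not part of John's message or of the Cyrus code: a small audit of the saslauthd.conf shown above for the points one would check when tightening it up (who can read the bind password, which DN is used for the search bind, and whether LDAP traffic leaves the host in cleartext). The file mode, the function names and the manager-DN heuristic are assumptions; `ldap_start_tls` is a saslauthd LDAP option that the post does not use.

```python
import ipaddress
import stat
from urllib.parse import urlparse

# The saslauthd.conf from the post; the 0644 mode used below is a constructed sample.
PAGE_CONF = """\
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=Manager,dc=domain,dc=net
ldap_bind_pw: supersecret
ldap_scope: sub
ldap_search_base: dc=domain,dc=net
ldap_auth_method: bind
"""

def parse_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote

def audit(conf, mode):
    """Return findings for a parsed saslauthd.conf and the file's st_mode."""
    findings = []
    if "ldap_bind_pw" in conf and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("ldap_bind_pw stored in a file accessible beyond its owner")
    # Heuristic (assumption): cn=Manager / cn=admin is the directory's root DN.
    rdn = conf.get("ldap_bind_dn", "").split(",")[0].strip().lower()
    if rdn in ("cn=manager", "cn=admin"):
        findings.append("search bind uses the directory manager DN")
    starttls = conf.get("ldap_start_tls", "no").lower() in ("yes", "on", "1", "true")
    for url in conf.get("ldap_servers", "").split():
        u = urlparse(url)
        if u.scheme == "ldap" and not starttls and not is_loopback(u.hostname or ""):
            findings.append(f"cleartext LDAP to {u.hostname}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(PAGE_CONF), 0o100644):
        print("WARN:", finding)
```

On the configuration as posted, the loopback `ldap://127.0.0.1` server raises no transport finding; the same file pointed at a remote host without `ldap_start_tls` or `ldaps://` would.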

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list